Описание
[REJECTED CVE] A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils, in debug_get_real_type, as demonstrated in objdump, that can cause a denial of service via a crafted file.
Отчет
The version of binutils shipped in Red Hat Developer Toolset 10 and Red Hat Enterprise Linux 8's GCC Toolset 10 is not affected by this flaw because it has already been patched. Also, please note that this CVE has been rejected Upstream and it is not considered as a security issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | binutils | Out of support scope | ||
| Red Hat Enterprise Linux 5 | binutils220 | Out of support scope | ||
| Red Hat Enterprise Linux 6 | binutils | Out of support scope | ||
| Red Hat Enterprise Linux 7 | binutils | Out of support scope | ||
| Red Hat Enterprise Linux 8 | binutils | Fix deferred | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-10-binutils | Not affected | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-9-binutils | Fix deferred |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in debug_get_real_type, as demonstrated in objdump, that can cause a denial of service via a crafted file.
5.5 Medium
CVSS3